Hello,
I try to integrate with Payeezy, but I can't get security token.
Request: https://api-cert.payeezy.com/v1/securitytokens?apiKey=(myAPIKey)&credit_card.card_holder_name=test+test&credit_card.card_number=4111111111111111 &credit_card.cvv=123&credit_card.exp_date=1219&credit_card.type=VISA &js_security_key=js-efc4cec18fb3b5df6bb6e5a897d39bf7efc4cec18fb3b5df&ta_token=NOIW&type=FDToken.
Request Method:OPTIONS
Status Code:200 Success
Request Headers
Host: api-cert.payeezy.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,ru;q=0.6
Response Headers:
HTTP/1.1 200 Success
Content-Type: application/json
Date: Thu, 10 Sep 2015 11:37:43 GMT
Server: Apigee Router
statuscode: 500 ???
X-Backside-Transport: FAIL FAIL ???
Content-Length: 83
Connection: keep-alive
Console Output: XMLHttpRequest cannot load https://api-cert.payeezy.com/v1/securitytokens?apiKey=j9URr7rHsAzsjFZghoA93…fc4cec18fb3b5df6bb6e5a897d39bf7efc4cec18fb3b5df&ta_token=NOIW&type=FDToken. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
Thanks
Hi Ronald,
Can you try this URL? It worked for me. If this works for you, replace the apikey with your own apikey. If that works, use browser developer tools to compare the headers with your previous request.
https://api-cert.payeezy.com/v1/securitytokens?apikey=y6pWAJNyJyjGv66IsVuWnklkKUPFbb0a&js_security_key=js-6125e57ce5c46e10087a545b9e9d7354c23e1a1670d9e9c7&ta_token=NOIW&auth=true&callback=Payeezy.callback&type=FDToken&credit_card.type=visa&credit_card.cardholder_name=John%20Smith&credit_card.card_number=4788250000028291&credit_card.exp_date=1030&credit_card.cvv=123
Regards,
Payeezy Team.
Hello,
I tried, it doesn't work. The error is the same. Does your server allow cross-domain requests? Is CORS enabled?
When I make request from my domain (localhost) to your domain (api-cert.payeezy), I make cross-domain request. It is not secure, so server should include in response 'Access-Control-Allow-Origin: *' to allow this request.
As you can see there are no 'Access-Control-Allow-Origin' header in response, so I can't get security token on my client-side.
Thanks.
Ronald,
CORS is not enabled for our server. However, you do not require it for the GET request. Here are my request and response headers when I tried that link.
Payeezy Team,
I think, your request works, because you make it from domain 'api-cert.payeezy.com' (header 'host' in request header) to the same domain, so your request is not cross-domain request.
I finally understand how it works. The method get securitytokens doesn't return token, it returns javascript file. Inside this file your callback is called with token object as parameter. The name of callback is taken from query parameter.
I tried to send simple get request and it doesn't work. So I get this url with all parameters and append scripts tag with src is equal to my url.
In this way, it works.
Payeezy.js works in the same way.
I develop my application based on angular and use some features, such as input masks, custom selects etc, so I can't use payeezy.js custom attributes to get field values, but I can get credit card data from form with angular. So it would be great, if payeezy.js allows to pass credit card data as parameter to create token and if you add information to docs about how to use this method appropriately to get token. It's unclear that I should include javascript file instead of make simple request.
Thank you.
Hi Ronald
1. I had made the request from localhost. The HOST header is different than ORIGIN. Even in the headers you posted earlier, the HOST header is 'api-cert.payeezy.com'.
2. Thank you for your feedback.We will definitely look to improve our documentation.
There are 2 methods to get a token, one using HTTP GET and the other using HTTP POST. The custom attributes are part of the HTTP POST method. You do not require custom attributes with the HTTP GET method. The HTTP GET returns a JSON object with the token value which can be parsed to extract the token value.
Please review this example: https://htmlpreview.github.io/?https://github.com/payeezy/payeezy_js/blob/master/example/sample_v3.2.html
Please let me know if you have more questions.
Regards,
Rohit